Description
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
References
- Vendor Advisory
- Vendor Advisory
Vulnerable configurations
Configuration 1
- Versions before 11.21.32 (excluding)
- Versions from 12.0.0 (including) to 12.16.20 (excluding)
- Versions from 13.0.0 (including) to 13.12.17 (excluding)
- Versions from 14.0.0 (including) to 14.9.0 (excluding)
- Versions from 15.0.0 (including) to 15.4.0 (excluding)
One of
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
cpe:2.3:a:enterprisedb:postgres_advanced_server:*:*:*:*:*:*:*:*
EPSS
Percentile: 23%
0.00077
Low
8.8 High
CVSS3
9.8 Critical
CVSS3
Weaknesses
CWE-427
CWE-427
Related vulnerabilities
CVSS3: 8.8
github
about 2 years ago
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.